Is it safe to install a "companion app" with a Firefox extension?

Good morning,

This is the most popular Firefox extension for downloading videos from websites by FAR as it has 1.9 MILLION users: Video DownloadHelper – Get this Extension for 🦊 Firefox (en-GB)

I’ve installed it and I paid for the premium version however, when I try to download videos from websites I’m told: This operation requires an external application to be completed and that I need to install this “companion app”.

This worries me a great deal as I’ve got no idea what the companion app does! :cry:

I’m still researching this so I’d appreciate any advice!

Thank you for reading my question.

1 Like

Can you provide a screenshot? That sounds like a malicious ad.

But like @anon4510900 said, there are easier/free tools especially like yt-dlp (which supports hundreds of websites and has generic fallbacks).

6 Likes

This worries me as well.

This companion app will let you download a video that streams from a lot of segment files.

I don’t install it. But if I need this (can’t find any other way to get the video), I would probably install the whole Firefox, the extension, and the companion app in a container, using Distrobox for example.

EDIT: You might want to try Parabolic.

2 Likes

containers like DistroBox are NOT a security mechanism and provide full access to all host files.

2 Likes

I appreciate your replies!

I figured that installing a Firefox extension that has 1.9million users and is also recommended by Mozilla that it would be the safest tool to use to save videos from websites so I was shocked to see this request to “Install a companion App”

I appreciate your reply!

It just seems so shocking for an extension to require a “companion app”… I thought I had found a safe way to save videos from websites but this companion app makes me nervous… :cry: :cry: :cry: :cry:

Afaik this extension is legit. Just wondering why you would use it when there are decent alternatives that are just all-around simpler than an extension. In the end, whether browser extension or standard app, you should only use it if you trust it. So I don’t see the difference. Either you trust the developer, then yes you can use their extension and app, or you don’t, then you should use neither.

1 Like

I appreciate your reply!

That’s why I wanted to post this question here: So the security experts of this community can verify if it’s secure or not? :frowning_face: :frowning_face: :frowning_face: :frowning_face:

I just found this link and it seems to explain more about this “companion app”

I think it’ll be helpful to people here: GitHub - aclap-dev/vdhcoapp: Companion application for Video DownloadHelper browser add-on

Just here to recommend looking into yt-dlp as an alternative (GitHub - yt-dlp/yt-dlp: A youtube-dl fork with additional features and fixes). If using a cli is too intimidating, you can also use the gui version (GitHub - dsymbol/yt-dlp-gui: A cross-platform GUI wrapper for yt-dlp written in PySide6).

Despite the name, yt-dlp works on any site. Just something to check out.

2 Likes

Alış, you can add ss like www.ssyoutube.com to save videos without an extension. Probably that app and extension may be safe, but I take Mozilla’s suggestion as the main criteria.

There are removed apps from Google play which have millions of downloads. So many times.

1 Like

I appreciate your reply!

You say that I should not use Firefox extension to save videos from websites as there are other alternatives?

Can you please list the ones you can recommend as being the safest and best for user privacy and user security?

I recommend yt-dlp its a command line tool that allows you to download from yt and tons of other sites. There are guis for it to, but i always just use the terminal :slight_smile:

(Just noticed another commenter also mentioned it, but note it doesnt work on all sites, particularly ones using DRM on their media, for example netflix et al)

2 Likes

I appreciate your reply!

I’m still trying to be 100% certain that Github is safe.

I can’t seem to find an article on privacyguides.net regarding the security and safety of files downloaded from Github??? :cry: :cry: :cry: :cry:

It depends on the files. Anyone can upload nearly anything, so there is no vetting done. You should make sure to research and investigate software yourself before you download them

4 Likes

In general widely used and open source software is what I go with.

1 Like

I appreciate your reply!

I’m always willing to do research before I try to install any Apps to ensure they’re secure, but I’m still unsure how I can make sure Apps that I download are completely safe and secure?

There is no way to be 100% sure, but if its actively supported and generally well known it tends to be OK. One place i like to take a look at for software is the Arch Wiki – it has lots of recommendations, but you should always do your own research as some of the recommendations/suggestions are unsupported.

As an Arch user, I usually obtain software from the Arch official repositories, and if it isn’t there i will go to the AUR. I know that is blasphemous to many privacy and security concerned people due to it being community run, essentially untrusted and whatnot, but i like the OS integration. Also, i always thoroughly vet the software before installing, choose AUR packages that many other users use, look at the AUR packager’s other AUR packages and read the PKGBUILD before installing.

2 Likes

Well, you could install IDM (Internet Download Manager) from the source.
And… You know that awesome massgravel guy on GitHub that helps you with activating certain products? He also covers IDM :wink:

1 Like

Indeed yt-dlp is a very good tool. Also cobalt.tools which was linked further above can help depending on what exactly you’re trying to download.

GitHub itself is a safe platform, but whether the software published on there is safe to use is depends. So I can vouch for yt-dlp but that doesn’t mean I can necessarily say the same for everything that is and will be published on GitHub.

And just in general: While yt-dlp does indeed publish their source code and some binaries on GitHub, that doesn’t mean it’s the only way or even the best way to get the tool. For example if you’re using a Linux distribution, then you maybe prefer to use binaries provided by your distribution. Or on macOS and Windows etc. there are also other package/software management tools like Homebrew that don’t necessarily use binaries provided by the developers of the software. In case of proprietary software there’s no choice, but with open source software everybody can be a distributor, even if they’re not the ones developing a piece of software. What I want to say is: if you trust for example Fedora‘s package maintainers and you get your copy of yt-dlp from them, then you don’t necessarily need to vet the software any further. (Still, it’s not a bad idea of course to be careful.)

2 Likes